The SNMP is a management protocol often used to monitor and remotly configures servers and other network devices such as switches, router etc.This protocol has a weak authentication system: public and private community strings.

Public community string can read information from a SNMP enabled device

Private community string can often reconfigure a device

Wikipedia has a nice article about this, also the mib tree where you can find here.

Scanning machines with snmp enabled can give interesting results if improperly configured. Many tools exist, but the one I was exposed to during my Offensive Security course was snmpwalk.Scanning a Windows system running snmp.

From our linux machine’s shell, we’d would type the following command to scan a single machine.linux~#snmpwalk -c public -v1 -target IP–

This can return information such as running services, and/or installed applications. Also somewhere in the output, we could find the operating system’s version. It can be a very long output, so using grep is a good idea.

The above syntax, the switches -c & -v are used. The first -c is to indicate which community string: public or private. The second, -v tells the script which version of snmp to use. In this case version 1. We also inform the script to add the root of the mib tree with “1” after the target’s IP address. See top of the this post for a wiki link on the mib tree.

Of course, one can use the following script “snmpcheck” to gather most or all information availible in a more human readable format.